From 4f378772013099667f3f49be7de3cc2f5c1d7fea Mon Sep 17 00:00:00 2001 From: xhe Date: Tue, 20 Jun 2023 22:38:41 +0800 Subject: [PATCH] tiproxy: revert enable SSL by default (#5084) --- docs/api-references/docs.md | 4 ++-- manifests/crd.yaml | 2 +- manifests/crd/v1/pingcap.com_tidbclusters.yaml | 2 +- manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml | 2 +- manifests/crd_v1beta1.yaml | 2 +- pkg/apis/pingcap/v1alpha1/openapi_generated.go | 4 ++-- pkg/apis/pingcap/v1alpha1/types.go | 4 ++-- pkg/manager/member/tiproxy_member_manager.go | 4 ++-- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/api-references/docs.md b/docs/api-references/docs.md index 413a8c4b2f..789440c5fb 100644 --- a/docs/api-references/docs.md +++ b/docs/api-references/docs.md @@ -22592,13 +22592,13 @@ int32 -sslDisableTiDB
+sslEnableTiDB
bool -

Whether disable SSL connection between tiproxy and TiDB server

+

Whether enable SSL connection between tiproxy and TiDB server

diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 449b6d0380..36c7bd0582 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -34235,7 +34235,7 @@ spec: type: string serviceAccount: type: string - sslDisableTiDB: + sslEnableTiDB: type: boolean statefulSetUpdateStrategy: type: string diff --git a/manifests/crd/v1/pingcap.com_tidbclusters.yaml b/manifests/crd/v1/pingcap.com_tidbclusters.yaml index 8b62bd14c0..8249bfe174 100644 --- a/manifests/crd/v1/pingcap.com_tidbclusters.yaml +++ b/manifests/crd/v1/pingcap.com_tidbclusters.yaml @@ -19617,7 +19617,7 @@ spec: type: string serviceAccount: type: string - sslDisableTiDB: + sslEnableTiDB: type: boolean statefulSetUpdateStrategy: type: string diff --git a/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml b/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml index ab2b266f25..0deacc7d5c 100644 --- a/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml +++ b/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml @@ -19587,7 +19587,7 @@ spec: type: string serviceAccount: type: string - sslDisableTiDB: + sslEnableTiDB: type: boolean statefulSetUpdateStrategy: type: string diff --git a/manifests/crd_v1beta1.yaml b/manifests/crd_v1beta1.yaml index 060e7f7fef..5e571d724b 100644 --- a/manifests/crd_v1beta1.yaml +++ b/manifests/crd_v1beta1.yaml @@ -34189,7 +34189,7 @@ spec: type: string serviceAccount: type: string - sslDisableTiDB: + sslEnableTiDB: type: boolean statefulSetUpdateStrategy: type: string diff --git a/pkg/apis/pingcap/v1alpha1/openapi_generated.go b/pkg/apis/pingcap/v1alpha1/openapi_generated.go index d2c870a05a..67a2b3410f 100644 --- a/pkg/apis/pingcap/v1alpha1/openapi_generated.go +++ b/pkg/apis/pingcap/v1alpha1/openapi_generated.go 
@@ -13070,9 +13070,9 @@ func schema_pkg_apis_pingcap_v1alpha1_TiProxySpec(ref common.ReferenceCallback) Format: "int32", }, }, - "sslDisableTiDB": { + "sslEnableTiDB": { SchemaProps: spec.SchemaProps{ - Description: "Whether disable SSL connection between tiproxy and TiDB server", + Description: "Whether enable SSL connection between tiproxy and TiDB server", Type: []string{"boolean"}, Format: "", }, diff --git a/pkg/apis/pingcap/v1alpha1/types.go b/pkg/apis/pingcap/v1alpha1/types.go index 51507fdb16..6004f0f794 100644 --- a/pkg/apis/pingcap/v1alpha1/types.go +++ b/pkg/apis/pingcap/v1alpha1/types.go @@ -774,8 +774,8 @@ type TiProxySpec struct { // +kubebuilder:validation:Minimum=0 Replicas int32 `json:"replicas"` - // Whether disable SSL connection between tiproxy and TiDB server - SSLDisableTiDB bool `json:"sslDisableTiDB,omitempty"` + // Whether enable SSL connection between tiproxy and TiDB server + SSLEnableTiDB bool `json:"sslEnableTiDB,omitempty"` // TLSClientSecretName is the name of secret which stores tidb server client certificate // used by TiProxy to check health status. diff --git a/pkg/manager/member/tiproxy_member_manager.go b/pkg/manager/member/tiproxy_member_manager.go index 02263912cf..7bbec4b102 100644 --- a/pkg/manager/member/tiproxy_member_manager.go +++ b/pkg/manager/member/tiproxy_member_manager.go @@ -134,7 +134,7 @@ func (m *tiproxyMemberManager) syncConfigMap(tc *v1alpha1.TidbCluster, set *apps cfgWrapper.Set("security.server-tls.cert", path.Join(tiproxyServerPath, "tls.crt")) cfgWrapper.Set("security.server-tls.skip-ca", true) - if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() { + if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() { if tc.Spec.TiDB.TLSClient.SkipInternalClientCA { cfgWrapper.Set("security.sql-tls.skip-ca", true) } else { 
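Review bot: The comment on `SSLEnableTiDB` in `TiProxySpec` states neither the default nor how the field combines with the cluster-level setting, and with `omitempty` on a bool the zero value now means "not enabled". In `tiproxy_member_manager.go` the flag is OR-ed with `!tc.SkipTLSWhenConnectTiDB()`, so `false` does not by itself turn TLS off. Judging only by the visible conditions, a cluster for which that method returns true and which relied on the old default would move to a non-TLS TiProxy-to-TiDB connection on upgrade with no manifest change. I would spell this out in the field comment, e.g. `// SSLEnableTiDB enables TLS from TiProxy to the TiDB server even when the cluster is set to skip TLS for TiDB connections.` followed by `// Defaults to false; TLS is still used whenever SkipTLSWhenConnectTiDB() is false.` The JSON key also changes from `sslDisableTiDB` to `sslEnableTiDB`, so objects that set the old key deserve an upgrade note; the struct continues outside the hunk.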
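Review bot: The condition `tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB()` is written out twice, here in `syncConfigMap` and again in `getNewStatefulSet`, where it gates the `tidb-client-tls` volume mount. The two copies have to stay identical, otherwise the generated config and the mounted secret can disagree. A single helper called from both places would keep them together, e.g. `func tiproxySQLTLSEnabled(tc *v1alpha1.TidbCluster) bool { return tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() }`. Separately, the `SkipInternalClientCA` branch inside this block sets `security.sql-tls.skip-ca`, which presumably leaves the TiDB server certificate unverified, so "enabled" can mean encryption without server authentication; a one-line comment saying so would help. Both function bodies continue outside the hunks.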
@@ -440,7 +440,7 @@ func (m *tiproxyMemberManager) getNewStatefulSet(tc *v1alpha1.TidbCluster, cm *c }, }) - if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() { + if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() { volMounts = append(volMounts, corev1.VolumeMount{ Name: "tidb-client-tls", ReadOnly: true, MountPath: tiproxySQLPath, })